feat(frontend+backend): add scan history diff view #366
utksh1
left a comment
Requesting changes before merge. The scan diff feature is promising, but there are correctness issues to clean up: the frontend type has a duplicated 'before' property in SeverityChangePair, the diff fingerprint assumes every finding has title/category/target and can crash on malformed parser output, and the UI/API path needs regression coverage for missing fields and same-scan/different-target cases. Please tighten those before review.
Thanks for following up. Clarifying the change request so it is actionable: Why this is blocked: What to do next:
00c2551 to 173e762
Hey bro @utksh1, all three points have been addressed and all 6 CI checks are now passing. SeverityChangePair: confirmed clean. 32 tests passing total. Please check it out, man.
Re-reviewed after the latest push. Still blocked: please fix the duplicated `before` field in the frontend severity-change type, make diff fingerprinting tolerate missing finding fields without crashing, and add regression coverage for missing fields plus same-scan/different-target cases.
Hi @utksh1, I've now done a complete line-by-line go-through of every file in the commit and cannot reproduce any of the three issues you mentioned. Could you please help me understand exactly what you're seeing? I ask this because I've verified directly from git: `SeverityChangePair` has always had exactly `before: Finding` and `after: Finding`. A screenshot or direct quote from the Files Changed tab would help me address your concern precisely. I genuinely want to fix any issue that the commit has. I just can't find it without knowing where to look.
Re-reviewed after the latest push. Still blocked: please fix the duplicated frontend severity-change field, make diff fingerprinting tolerate missing title/category/target without crashing, and add regressions for missing fields plus same-scan/different-target cases.
As stated previously, please be more specific.
KBarathraj
left a comment
completed requested changes
Hi @utksh1 — this is now the third review cycle with the identical three complaints word-for-word. I've checked the diff at every commit: `SeverityChangePair` in api.ts has exactly `before: Finding` and `after: Finding` — no duplicate. Could you paste the specific file + line number for each concern? I can't fix something I can't locate in the code.
- Add GET /api/v1/scans/diff endpoint with 404/400/422 validation
- Add diff_service.py with fingerprint and compute_diff logic
- Add Pydantic v2 schemas for diff response
- Add ScanComparePicker, ScanDiffView, DiffFindingCard components
- Add useScanDiff hook with AbortController for race condition safety
- Harden fingerprint and _parse_findings against malformed data
- Add 32 tests: unit and route-level coverage

Closes utksh1#336

- Move same-scan guard before DB fetches (400 for non-existent same ID)
- Fix remediation default None instead of empty string in schemas
- Wire AbortController signal end-to-end through getScanDiff()
- Add asymmetric missing-scan 404 tests (scan_a missing, scan_b missing)
- Strengthen valid-diff test to assert diff content not just shape

34 tests passing
b597b2e to cce7816
Hey @utksh1, can you review this PR?
utksh1
left a comment
Re-reviewed the latest push. Still too large/risky to merge as-is: 14 files and full-stack scan history diff behavior need a cleaner rebase and focused verification. Please rebase on main, reduce unrelated churn, and make the PR easier to validate end to end.
Closing due to unresolved review feedback.
Description
Adds a Compare Scans feature. Users can select two historical scans of the same target and see findings categorized as new, fixed, unchanged, or severity changed. Helps track remediation progress over time.
Related Issues
Closes #336
Issue name: Add Scan History Diff View for Comparing Historical Scan Results
Type of Change
How Has This Been Tested?
- `./testing/test_python.sh`: 9/9 passing (9 new tests for diff_service)
- `cd frontend && npm run test`: passing
- `cd frontend && npm run build`: zero TypeScript errors, zero new warnings

Checklist
Screenshots of changes
Before:
After:
Comparing scans:
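
An illustrative sketch of the behaviour discussed in the review thread, added here and not taken from the PR's `diff_service.py`: a fingerprint over title/category/target that tolerates missing or non-string fields, and a diff that rejects same-scan and different-target pairs. The dict shapes, the `severity` key, the `_field` helper and the sample scans are assumptions constructed for the example.

```python
import hashlib

def _field(finding, key):
    # Hypothetical helper: parser output may be a non-dict, or hold None/ints here.
    value = finding.get(key) if isinstance(finding, dict) else None
    return value.strip().lower() if isinstance(value, str) else ""

def fingerprint(finding):
    """Stable identity from title/category/target; never raises on bad input."""
    parts = [_field(finding, k) for k in ("title", "category", "target")]
    # Unit separator keeps ("ab", "c") and ("a", "bc") from colliding.
    return hashlib.sha256("\x1f".join(parts).encode("utf-8")).hexdigest()

def compute_diff(scan_a, scan_b):
    """Diff the findings of an older scan_a and newer scan_b of one target."""
    if scan_a["id"] == scan_b["id"]:
        raise ValueError("cannot diff a scan against itself")
    if scan_a["target"] != scan_b["target"]:
        raise ValueError("scans cover different targets")
    # Caveat: findings with no usable identity fields share one fingerprint.
    before = {fingerprint(f): f for f in scan_a.get("findings") or []}
    after = {fingerprint(f): f for f in scan_b.get("findings") or []}
    diff = {"new": [], "fixed": [], "unchanged": [], "severity_changed": []}
    for fp, f in after.items():
        if fp not in before:
            diff["new"].append(f)
        elif _field(before[fp], "severity") != _field(f, "severity"):
            diff["severity_changed"].append({"before": before[fp], "after": f})
        else:
            diff["unchanged"].append(f)
    diff["fixed"] = [f for fp, f in before.items() if fp not in after]
    return diff

# Constructed sample scans (not real scanner output).
SCAN_A = {"id": 1, "target": "app.example.test", "findings": [
    {"title": "SQL Injection", "category": "injection", "target": "/login", "severity": "high"},
    {"title": "Open Redirect", "category": "redirect", "target": "/out", "severity": "low"},
    {"title": "Weak TLS", "category": "tls", "target": ":443", "severity": "medium"},
]}
SCAN_B = {"id": 2, "target": "app.example.test", "findings": [
    {"title": "sql injection ", "category": "injection", "target": "/login", "severity": "medium"},
    {"title": "Weak TLS", "category": "tls", "target": ":443", "severity": "medium"},
    {"title": None, "category": 7},  # malformed: missing target, wrong types
]}

if __name__ == "__main__":
    for kind, items in compute_diff(SCAN_A, SCAN_B).items():
        print(kind, len(items))
```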
